CS205 Quiz 1 File by Tanveer Online Academy - Copy

CS quiz 1

Uploaded by Ghulam Rasool
CS205 Quiz 1 File by Tanveer Online Academy

A policy is ________.
Answer: Mandatory and applies to entire organization; signed off by senior management

The Verizon and Symantec reports show that ________.
Answer: Email is the most attacked vector

People, process and technology can be described as ________.
Answer: Three important areas which have to be addressed for effective information security implementation

During the “test/validate” stage ________.
Answer: The information security team conducts a review of correctness and coverage of security control implementation

Policies and procedures are part of the ________ layer in the information security transformation framework.
Answer: Security governance

Which of the following statements is true?
Answer: There are multiple players in cyber security and each has a role to play to improve cyber security posture

People, process, and ________ are together referred to as the Information Security Triad.
Answer: Technology

In an IT network, how can data exfiltration be avoided at the edge?
Answer: Through network DLP solution

The purpose of the information security lifecycle is to ensure that ________.
Answer: All security projects & activities consistently follow the same sequence and steps

What information needs to be backed up in an enterprise IT?
Answer: All of the above

Layer 2 of the security transformation model places emphasis on ________.
Answer: Identifying vulnerabilities through a risk-based approach

The typical enterprise IT network has been characterized to help in understanding ________.
Answer: IT components, architecture of the network, and security devices and placement


Security hardening can best be described as ________.
Answer: Configuring IT assets to maximize security and minimize risk

The DMZ is an important zone in the network with the following functions:
Answer: Allowing external access to important services such as web, email, and remote access, while providing a layer of protection and filtering

How can high availability be designed in an enterprise IT network?
Answer: All of given

What is the advantage of offsite backup in an enterprise IT network?
Answer: Data will be preserved in case of some catastrophic event

People, process, and technology together form ________.
Answer: A holistic approach to information security

________ assigns quantifiable measures.
Answer: Standard

How is information security implemented?
Answer: With the help of an information security program

Authentication, access control, data confidentiality, data integrity, non-repudiation, availability are covered by ________.
Answer: Security service

IT/InfoSec teams require an information security project report on a ________ basis.
Answer: Daily

The ITU global cyber security index (GCI) is ________.
Answer: An initiative that covers five main areas in order to assist governments improve their cyber security posture.

Which of the following programs is relevant when we are simply trying to “focus attention on security”?
Answer: Security education

One of the challenges in effective implementation of a security transformation project in a small-sized organization is ________.
Answer: Ad hoc culture and lack of discipline

What are the performance KPIs of IT teams?
Answer: Both a & b

The impact of VM sprawl is that ________.
Answer: VMs can be created quickly, self-provisioned, or moved between physical servers, leading to too many VMs

The ITU global cyber security index (GCI) is ________.
Answer: An initiative that covers five main areas in order to assist governments improve their cyber security posture.

Security governance simply means ________.
Answer: Managing the security program

________ is the part of Information Security Awareness.
Answer: Training

What is the best description of a security standard or framework?
Answer: Blueprint or roadmap for achieving information security objectives

What is disaster recovery (DR) in an enterprise IT network?
Answer: A pre-planned approach for establishing IT functions at alternate site

The ITU global cyber security index (GCI) covers:
Answer: Legal, technical, organizational, capacity building and cooperation

Layer 2 of the security transformation model places emphasis on ________.
Answer: Security governance

For effective information security implementation, the security journey should start with ________.
Answer: Management commitment

One of the major challenges of information security in Pakistan is that it is ________.
Answer: Not funded adequately

As per ISACA, risk should be managed so that ________.
Answer: There is an acceptable level of assurance and predictability to the desired outcomes of any organizational activity

Security in the trenches refers to ________.
Answer: Most basic security hardening activities usually carried out by junior staff

During the third stage (remediation plan) of the information security lifecycle, the following activities are planned and prepared.
Answer: Methodology/framework, controls, resources, timeline, approvals, SOP

The 4 layer security transformation model and ISMS requirements and controls ________.
Answer: May form essential elements of the security program

It would be correct to say that the security posture in Pakistan can be improved by ________.
Answer: Effective actions taken by regulators, organizations, and building an effective cyber security eco-system

Regionally, the most well developed cyber security strategy and framework developed by Singapore by ITU is at rank ________.
Answer: 1

What are the three types of redundant site models in an enterprise network?
Answer: Hot site, cold site and warm site

A ________ is a blueprint or roadmap for achieving Information Security objectives.
Answer: Standard


What are the famous SIEM solutions available in the market?
Answer: OSSEC, Splunk and QRadar

In Global Cyber Security Index 2017 (ITU) Pakistan ranked ________.
Answer: at 67th

In information security life cycle methodology and framework phase comes in ________ step.
Answer: Remediation Plan

An information security program is ________.
Answer: The sum total of all security activities planned and executed by the organization

The purpose of network admission control (NAC) is to allow only compliant systems to connect to the network through the following IEEE standard ________.
Answer: IEEE 802.1X

ISO 27001:2013 (ISMS) clause 5.1 talks about ________.
Answer: Policy and objectives, integration into processes, resources, communication, promoting continual improvement, intended outcomes

Which of the following statements is false?
Answer: ISO 27001:2013 has ten short clauses and a long annex with 14 sections, and 113 controls


What do you mean by RTO in a business continuity plan?
Answer: Maximum age of files that an organization must recover from backup storage for normal operations to resume after disaster

There are ________ main pillars of information security.
Answer: 3

Information security management committee requires an information security project report on a ________ basis.
Answer: Weekly

The information security transformation model:
Answer: Four layers, with the first layer being on the bottom: security hardening

________ are important tasks where the information security manager should be involved.
Answer: Signing off critical change requests, monitoring the vulnerability management program, facilitate incident management process

The key factor related to cloud, mobile, IoT, and social is that ________.
Answer: It has further complicated the already difficult task of achieving a strong security posture


Information security management committee requires an information security project report on a ________ basis.
Answer: Weekly

________ refers to potential damage or loss.
Answer: Risk
